无服务器框架模板中的跨区域 Secrets Manager 访问

Question

I'm accessing Secrets Manager in my serverless.yml via

${ssm:/aws/reference/secretsmanager/<path-to-secret>~true}

which works out nicely.

Problem is, I'm keeping all my secrets in a single region & now I'm trying to add another region (= stage in serverless), but I don't know how to reference secrets from my main region. To keep costs low, I don't want to replicate my secrets to the secondary regions though.

Is there any way to achieve this without some pre-scripting magic but solely using Serverless?

Answer 1

Based on the docs , the following should work:

${ssm.<region-name>:/aws/reference/secretsmanager/<path-to-secret>~true}